The current invention is in the field of personal identification related document technology and in particular to the field of transaction card security and imaging on transaction cards and other personal identification related documents.
A wide range of documents require personalization. Some examples are passports, transaction cards, entry passes and drivers licenses. The main purpose of the personalization is to accord the holder some privilege and to prevent others from having access to the privilege. As a result these documents usually have a means of personal identification included into the document. This wide range of documents will be referred to in the following as personal identification related documents. In the following we adopt the term transaction card to embrace all personal identification related documents and vice versa.
The use of transaction cards is ubiquitous and offers cardholders access to financial resources as well as many services. In many situations transaction cards have become a replacement for currency and are attractive targets for fraudulent use. In order to protect financial institutions, consumers, and merchants from fraudulent use of these cards, the credit card industry has introduced many features onto cards to reduce fraud. Included in this list of features are the magnetic stripe, holograms, special over-layers, card verification values and the like. Since those interested in committing credit card fraud are looking for means to circumvent the security features there is a continual need for new technologies to thwart their attempts.
Transaction cards typically come with a data storage area that is accessed by a machine. A typical example of this is the magnetic stripe common on most credit cards. However, other data storage means are available, such as a small microprocessor in the case of so-called smart-cards. In any case, the purpose of this data storage is an electronic means for the equipment at the point of transaction to gather information about the account being serviced. In the case of standard credit cards information on the storage area includes the account number, name of authorized cardholder and expiration date.
Equipment used in conjunction with transaction cards have advanced technically. It is common for a cash register to include a microprocessor having computing power compatible with common home computer systems. These systems often are networked for interactions with larger store systems and financial networks. Automated Teller Machines (ATM""s) are also technically sophisticated and are typically networked to a world-wide financial system.
One feature common to most ATM machines is that the transaction card is captured completely by the machine. Common transaction terminals, such as those produced by vendors such as Verifone, often only read the magnetic stripe as the card is swiped through the device.
Other methods of machine readable data onto cards include so-called smart-cards manufactured and marketed by GemPlus among others, two-dimensional bar-codes such as those marketed by Symbol Technologies, Inc., and data glyphs marketed by Sandia Imaging. All of these methods store a limited amount of machine readable data onto a transaction card and are being utilized by different issuers of transaction cards.
Methods for printing onto transaction cards are well-known. The printing of transaction cards which have unique or small quantities is also done by commercially available systems such as the ImageCard IV Photo ID Printer from Datacard. These printers allow for digital images to be printed directly onto a PVC material.
Transaction card issuers have been adding images of cardholders onto the card for several years. This image provides some security since presenting a card with someone else""s picture will cause one to question whether the card""s use is legitimate. An extension of this idea is for the cardholder""s picture to be compressed and stored into the data storage of the card. A method for capturing, storing and compressing a cardholders portrait onto the magnetic stripe of the computer has been developed (see U.S. Pat. No. 5,466,918, Nov. 14, 1995 to Ray, et al., entitled xe2x80x9cMETHOD AND APPARATUS FOR IMAGE COMPRESSION, STORAGE, AND RETRIEVAL ON MAGNETIC TRANSACTION CARDSxe2x80x9d), which is hereby incorporated herein by reference.
Image scanning is a common practice and the equipment to accomplish this task has become both inexpensive and relatively compact. Typically, the scanning can be done with a resolution of 500 dots per inch (dpi) and in color. The scanning process is also quite fast, scanning a full page in a matter of seconds.
Often there is a need to distill a relatively large data record into a shorter reference value or key. What is desirable is to create the key from the data, but with a negligible likelihood of the same key being generated from two distinct records. Often these methods are referred to as hash algorithms and they are utilized widely in computer systems. A well-known such hash algorithm is the so-called Secure Hash Algorithm (SHA) of National Institute of Standards and Technology (NIST). This algorithm processes a 512 bit record into a 160-bit (20-byte) key. Mathematically, a hash function is a mapping from the space of m-bit strings to the space of n-bit strings where m greater than n. For instance if m=512 and n=160, then the SHA is such a mapping, but so is the mapping which simply truncates the string after the first 160 bits.
A method for securing images is data hiding or embedding where information is encoded into an image in such a manner that makes it invisible to a viewer, but becomes readable by means of an imager scanner and an image processing device. To be practical, however, the hidden information must be rapidly recoverable from the scanned data and must be able to survive the printing process and the effects of wear such as scratching. Furthermore, to relate the hidden information to other information on the card, the hidden data must have the ability to carry information. For example, if the hidden information only carried one bit of data, then the maximum number of names that the hidden information could address would be two. If however, the hidden information could successfully carry 32 bits of information, then a maximum of about 10 billion people could be addressed. Of course, these calculations assume that a data base relating a name to a raw bit sequence is used.
Several algorithms exist today that possess this level of robustness and information carrying capacity. For example, (see U.S. Pat. No. 5,636,292, Jun. 3, 1997 to Rhoads, entitled xe2x80x9cSTEGANOGRAPHY METHODS EMPLOYING EMBEDDED CALIBRATION DATAxe2x80x9d), describes a way of combining N random images, each random image comprising a single bit of information, to form a composite image that is added to the photo. When it is desired to retrieve the hidden information, each of the N random images is correlated with the photo, the polarity of the resultant correlation determining the specific bit value.
The algorithm described in U.S. Ser. No. 08/848,112, filed Apr. 28, 1997, Honsinger, et al., entitled xe2x80x9cAN IMPROVED CARRIER FOR THE DATA EMBEDDING PROBLEM,xe2x80x9d has been demonstrated to be robust to printing, scanning, and wear and tear while carrying up to 160 bits of information. Such application is hereby incorporated herein by reference. The algorithm has an advantage over Rhoads in that only one correlation needs to be performed making the prospect of fast processing more obtainable. It is also to be noted that the output from the SHA is also 160 bits.
This Honsinger, et al. application also prescribes a means to produce a carrier (random image) with optimal information carrying capacity and robustness. In such applications, the method is taught for embedding a message into a digitized image comprising the steps of forming a digitized version of the desired message; generating a random phase carrier; convolving the formed digitized version of the desired message and the generated random phase carrier to form a scrambled message; and combining the scrambled message with the digitized image to form an embedded message image. The improved carrier signal taught in the Honsinger, et al. application is designed in the Fourier frequency domain. In the Fourier domain, the value of the signal at each frequency is characterized by a complex number that can be represented as either a real/imaginary pair or as an amplitude/phase pair. The carrier signal was designed in Fourier domain in such a way that the carrier""s amplitude at each frequency is a constant and the carrier""s phase in each frequency is a random number that is uniformly distributed between 0 and 360 degrees. The autocorrelation of such a carrier signal has a shape resembling a delta function, which improves the integrity of the recovered message. The random phase of the carrier is constructed by using the output of a stream cipher encryption system. As a result, it will be practically impossible for any unauthorized person who does not have access to the private key of the encryption system to duplicate the carrier function. Central to the specification of this carrier, is the use of a seed to generate certain random characteristics of the carrier. In the present invention, it is understood that the seed may be derived directly from the machine-readable information or from the SHA of the machine-readable information. This renders the required information capacity of the embedding algorithm to only one bit, since at the time that the machine-readable information is read, it would be possible to regenerate the carrier used at the time of the original embedding. If however, there is a requirement to embed further information not available on the machine readable code, it is appreciated that a carrier derived from using the machine readable information as a seed could be used to carry this information as well, in a multi-bit scenario.
If a transaction card is presented for authorization, then two types of errors could occur; a valid card is rejected, i.e. a false negative, or a invalid card is accepted, i.e., a false positive. In an ideal situation the false negative and false positive rates are zero, but this is impractical. However, an acceptable level of false positives and false negatives are predetermined and these levels are then used to ascertain the number of bits which need to agree in order for a transaction card to be accepted. In the case of a valid card,.the embedded data can be recovered, but some small percentage of the recovered bits will be in error, i.e., the bit error rate.
It is well known, that given a bit error rate and the number of bits in the recovered data string, what the probability distribution of a string having a specified number of bits in error. Indeed, this is done by a Poisson distribution, (see William Feller, An Introduction to Probability, Theory and Its Applications, John Wiley and Sons, New York, 1976, pp. 153-159). Thus, once an acceptable false positive rate is known, the bit-error rate and the number of bits in the recovered data, the number of bits which must agree can be readily determined. As an example, if the bit-error-rate is 0.01 and 160 bits are recovered, then every millionth card would have more than 11 bits in error, and 149 bits correct, i.e., 93% of the bits are correct.
In the case of a fraudulent card being presented to the system, there needs to be an acceptable level of such cards being accepted, though that level might be quite small. In this case, the bit error rate is likely to be 0.5 linkage of the data embedded in the printed area, and the data in the machine readable area is not explicitly known. In this case, the probability distribution of strings of n-bits having m-bits in error is approximated by a Gaussian distribution. This is well known in the field of probability, (see William Feller, An Introduction to Probability, Theory and Its Applications, John Wiley and Sons, New York, 1976, pp. 179-182). Thus, it is easy to determine the probability that a random bit string will be accepted, given the number of bits required to be in agreement. Using the example above, the likelihood of a false positive is less than 1 in 1027, a very small number.
Thus, the number of bits needed to be in agreement between the recovered embedded data and the data derived from the machine readable data has to be large enough for the false positive rate to be acceptable and small enough that the false negative rate be acceptable. This is not a major hurdle though, as practical implementations will have sufficiently small bit error rates and a sufficiently large number of bits to assure compliance.
As an alternative, since the characteristics of the errors incurred in this type of application are likely predictable, the information is well suited for encoding using EDAC (Error Detection and Correction) techniques. An example of such codes are the celebrated Reed-Solomon codes which are widely used in many applications. EDAC provides an efficient means to recover actual information despite obscuration due to noise. Often, EDAC may be employed requiring only a fractional amount of data overhead, (see Elwyn R. Berlekamp, Algebraic Coding Theory, Aegean Park Press, 1984, ISBN: 0-89412-063-8). Some of the bits are used to perform the EDAC and so the number of bits derived from the machine readable area has to be reduced in order to accommodate the EDAC bits.
A higher level of security is needed for personal identification related documents such as transaction cards in order to reduce fraudulent use of such documents including activities such as skimming. Skimming is the practice of copying the machine readable data from one card to another. In addition, it is preferable if the security features of such personal identification related documents eliminate the need for a clerk to verify the authenticity of a card by looking at an image or card protection feature. Further, it would be beneficial if a personal identification related document and reader system with increased security features works with established transaction card procedures, such as the card validation value (CVV) by having the CVV as part of the data to be hashed, and for image verification values. The prior art fails to teach a personal identification related document and reader system that includes these features.
It is therefore an object of the present invention to provide a personal identification related document such as transaction card and reader system which reduces fraudulent use of such documents.
It is a further object of the present invention to provide a personal identification related document and reader system with increased security features which work with established transaction card procedures.
Still another object of the present invention is to provide a personal identification related document (such as transaction card) and reader system which eliminates the need for a clerk to verify the authenticity of a card by looking at an image or card protection feature.
Still another object of the present invention is to provide a personal identification related document (such as transaction card) and reader system which works with established transaction card procedures, such as the card validation value (CVV) by having the CVV as part of the data to be hashed, and for image verification values.
It is another object of the present invention to provide a personal identification related document (such as transaction card) and reader system which will operate with unattended transaction terminals, such as ATM""s and provide high levels of security.
A further object of the present invention is to provide a personal identification related document (such as transaction card) and reader system which links the printed transaction card with the machine readable data section of the card.
Still another object of the present invention is to provide a personal identification related document (such as transaction card) and reader system which includes embedded data which is invisible to a normal viewer.
Briefly stated, the foregoing and numerous other features, objects and advantages of the present invention will become readily apparent upon a reading of the detailed description, claims and drawings set forth herein. These features, objects and advantages are accomplished by providing a personal identification badge having an area which contains machine readable information and also having a printed region having embedded data in the image printed thereon. A method of producing the identification badge, includes the steps of: forming a digital image of the badge holder; generating an array of random numbers using a random number generator that employs a seed value; adding the array of random numbers to the digital image to produce a modified digital image; and printing the modified digital image on the identification badge. The badge is authenticated by scanning the image on the identification badge to produce a recovered digital image; and correlating the array of random numbers with the recovered digital image to produce a validity check of the identification badge.